You can use the Permissions tab to manage access permissions and object ownership. In Amazon S3, buckets and objects are private by default. You must explicitly grant permissions for your buckets and the objects in them.
S3 Block Public Access provides settings to manage public access. You can use the S3 Block Public Access settings to limit public access by overriding any other public access permissions that are granted for your bucket and the objects in it.
To allow or deny actions by specific principals (for example, other AWS accounts or AWS Identity and Access Management [IAM] users) on your bucket and the objects in it, you can add a bucket policy.

Note: Bucket policies don't apply to objects that are owned by other accounts.
For general purpose buckets, all Block Public Access settings are enabled and ACLs are disabled by default. You can modify these settings for general purpose buckets. For directory buckets, all Block Public Access settings are automatically enabled at the bucket level and ACLs are disabled. These settings can't be modified for directory buckets.
You can also edit the access control list (ACL) for your general purpose buckets to grant read (list objects) and write (put objects) permissions to specific grantees. However, using ACLs to control access to your buckets is not a recommended best practice. We recommend using bucket policies and IAM user policies instead.
A majority of modern use cases in Amazon S3 no longer require the use of ACLs. We recommend that you keep ACLs disabled, except in specific circumstances where you need to control access for each object individually.

With Object Ownership, you can disable ACLs and rely on policies for access control. When you disable ACLs, you can more easily maintain a bucket with objects uploaded by different AWS accounts. You, as the bucket owner, own all the objects in the bucket and can manage access to them by using policies.
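The following script is an added example, not part of the original page or of the AWS documentation, that ties together the three settings discussed above: the four Block Public Access settings, the Object Ownership rule that disables ACLs, and a bucket policy that grants access only to a specific principal. The `audit_bucket` function checks a bucket's configuration against the recommended defaults and reports each deviation, and `cross_account_read_policy` builds the kind of bucket policy the text recommends instead of ACLs. The input dictionaries mirror the shapes that boto3's `get_public_access_block`, `get_bucket_ownership_controls` and `get_bucket_policy` return (the last one returns the policy as a JSON string, which is parsed here with `json.loads`), but every sample value below is constructed for this example, and the bucket name and the account ID `111122223333` are placeholders.

```python
"""Offline audit of an S3 bucket's access configuration (added example).

Inputs follow the boto3 response shapes for get_public_access_block,
get_bucket_ownership_controls and get_bucket_policy; the sample values at
the bottom are constructed, not fetched from a real account.
"""
import json

# The four Block Public Access settings, named exactly as the S3 API names them.
BPA_KEYS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)


def is_public_principal(principal):
    """True if a policy statement's Principal grants to everyone (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*" or (isinstance(aws, list) and "*" in aws):
            return True
    return False


def audit_bucket(public_access_block, ownership_controls, policy):
    """Return a list of findings; an empty list means the bucket matches the
    recommended defaults: all Block Public Access settings on, ACLs disabled
    (BucketOwnerEnforced), and no unconditional Allow for an anonymous principal."""
    findings = []

    for key in BPA_KEYS:
        if not public_access_block.get(key, False):
            findings.append(f"Block Public Access setting {key} is off")

    rules = ownership_controls.get("Rules", [])
    ownership = rules[0].get("ObjectOwnership") if rules else None
    if ownership != "BucketOwnerEnforced":
        findings.append(f"ACLs are not disabled (ObjectOwnership={ownership})")

    for stmt in policy.get("Statement", []):
        if (stmt.get("Effect") == "Allow"
                and is_public_principal(stmt.get("Principal"))
                and "Condition" not in stmt):
            sid = stmt.get("Sid", "<no Sid>")
            findings.append(f"policy statement {sid} allows an anonymous principal")

    return findings


def cross_account_read_policy(bucket, account_id):
    """Bucket policy granting list and read access to one specific AWS account,
    the policy-based alternative to ACL grants that the text recommends."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowSpecificAccountRead",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
                "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            }
        ],
    }


# Constructed sample: one Block Public Access setting off, ACLs still enabled
# (ObjectWriter), and a policy statement that grants read access to everyone.
SAMPLE_BPA = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": False,
    "RestrictPublicBuckets": True,
}
SAMPLE_OWNERSHIP = {"Rules": [{"ObjectOwnership": "ObjectWriter"}]}
SAMPLE_POLICY = json.loads(
    '{"Version": "2012-10-17", "Statement": [{"Sid": "PublicRead", "Effect": "Allow",'
    ' "Principal": "*", "Action": "s3:GetObject",'
    ' "Resource": "arn:aws:s3:::example-bucket/*"}]}'
)

# The recommended configuration described in the text, for comparison.
RECOMMENDED_BPA = dict.fromkeys(BPA_KEYS, True)
RECOMMENDED_OWNERSHIP = {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_BPA, SAMPLE_OWNERSHIP, SAMPLE_POLICY):
        print("FINDING:", finding)
    print(json.dumps(cross_account_read_policy("example-bucket", "111122223333"), indent=2))
```

Run as-is, the audit reports three findings for the constructed sample (a Block Public Access setting that is off, ACLs still enabled, and the anonymous `PublicRead` statement), and reports nothing for the recommended settings combined with the cross-account policy. Against a live account you would replace the constructed dictionaries with the boto3 responses named above; note that the check only looks at the bucket policy, so object ACLs granted by other accounts, which bucket policies do not cover, still need ACLs disabled via Object Ownership to be neutralized.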